Archive for the 'SysAdmin' Category

pfSense download cut off issue on VMware ESXi

Recently I had some trouble with my newly installed pfSense virtual machine.

When I tried to download large files, pfSense cut off the download and in the end nothing could be downloaded at all.
The strange thing was that the exact same pfSense behaved fine, without cutting off any downloads, on a different up-link provider.

So I tried switching off checksum offload, TCP segmentation offload and large receive offload, as suggested on many different sites (Proxmox, for example).

None of them helped. Finally I found the solution in the main firewall behaviour under System/Advanced/Firewall & NAT: I changed Firewall Optimization Options from Normal to Conservative. After this every large file download went through the firewall, no cut-offs whatsoever.

So again: the same box, same version and patch level, and the same virtual machine version on VMware behaved differently because of the ISP up-link.
If you have this issue, just change the Firewall Optimization Options at System/Advanced/Firewall & NAT.


VMware Replication & Recovery

The following three videos show how to create virtual machine offsite replication in your vCenter server onto any available storage drive in your server.
This solution is available for free from VMware and can be integrated into all types of vCenter, even VMware Small Business Essentials Plus.
To download VMware Replication follow this link: VMware Replication

The backup storage can be a network share mount or a local drive.
If you use, for example, an NFS share or iSCSI storage, this gives you the benefit of an offsite backup for your virtual machines.
The replication is automatic and scheduled to run in the background on the vCenter server.

The offsite backup can be restored without the vCenter server if for any reason vCenter is unavailable.
In this case you need to manually add the backed-up machine to your vCenter or standalone ESXi server's inventory.



SPF record setup for mail server

How to set up and test an SPF record for a mail server:

Let's check Google's SPF record first with the dig command.

[root@mail ~]# dig txt

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52169
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0


;; ANSWER SECTION: 3599 IN TXT "v=spf1 ip4: ip4: ~all"

;; Query time: 12 msec
;; WHEN: Fri Feb 27 08:47:05 2015
;; MSG SIZE rcvd: 116

[root@mail ~]#

In the answer section you can see the IP addresses. These are the servers which are allowed to send mail for the domain.
So you have your domain name, e.g. , and you have your mail server on it with an A record. This server can send mail for its own name, but any other server is not allowed to send mail for it. With the SPF record, you can also send mail from the listed IP address via Google's mail server. So the server and 72 can send mail (relay) via Google's mail server.

You can also use domain names in an SPF record and tell the server to use those instead of IP addresses.

[root@mail ~]# dig txt

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64785
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0


;; ANSWER SECTION: 21599 IN TXT "v=spf1 ip4: ~all" 21599 IN TXT "v=DMARC1\; p=none\; adkim=r\; aspf=r\; sp=none"

;; Query time: 36 msec
;; WHEN: Fri Feb 27 08:59:31 2015
;; MSG SIZE rcvd: 225

[root@mail ~]#
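To make the record semantics concrete, here is an added example (not part of the original post) that evaluates a sending IP against the ip4/ip6/include/all mechanisms shown in the dig answers above. The record set below is constructed, standing in for DNS so the code runs offline; the domain names and addresses in it are assumptions, not Google's real data.

```python
import ipaddress

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
SUPPORTED = ("ip4", "ip6", "all", "include")


def parse_spf(record):
    """Split a v=spf1 TXT record into (qualifier, mechanism, argument) terms.
    Only the mechanisms the post shows (ip4, ip6, all) plus include are handled;
    anything else raises so that a typo is not silently treated as a match."""
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # no prefix means '+' (pass)
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name not in SUPPORTED:
            raise ValueError("unsupported mechanism: %s" % term)
        parsed.append((qualifier, name, arg))
    return parsed


def evaluate(record, sender_ip, resolver=None):
    """Return pass/fail/softfail/neutral for sender_ip against record.
    `resolver` is a dict {domain: spf_record} used in place of DNS lookups.
    An include matches only when the included record yields 'pass'; with no
    matching mechanism and no 'all' term the result is neutral (RFC 7208 4.7)."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, arg in parse_spf(record):
        if name == "all":
            return RESULT[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)   # bare IP becomes /32 or /128
            if ip.version == net.version and ip in net:
                return RESULT[qualifier]
        elif name == "include":
            included = (resolver or {}).get(arg.lower())
            if included and evaluate(included, sender_ip, resolver) == "pass":
                return RESULT[qualifier]
    return "neutral"


# Constructed records in the shape of the dig answers above (assumed, not real data):
# the first domain lists two ip4 ranges and delegates to a second domain by name.
EXAMPLE_RECORDS = {
    "example.com": "v=spf1 ip4:203.0.113.5 ip4:198.51.100.0/24 include:mail.example.net ~all",
    "mail.example.net": "v=spf1 ip4:192.0.2.72 -all",
}


def check(sender_ip, domain="example.com"):
    """Evaluate sender_ip for the constructed domain."""
    return evaluate(EXAMPLE_RECORDS[domain], sender_ip, EXAMPLE_RECORDS)


if __name__ == "__main__":
    for ip in ("203.0.113.5", "198.51.100.200", "192.0.2.72", "192.0.2.73", "2001:db8::1"):
        print(ip, "->", check(ip))
```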


Create and check SPF records:

Header check for emails to analyse SPF and other issues:



Debian Distro Upgrade

So let's get our hands dirty with a Debian Linux distro upgrade!
It so happened this week that I received a complaint about one of our servers, which had some dodgy outdated PHP packages installed on it.
I had to investigate what had happened with the box and fix the issue.
I found out it had Debian lenny installed, which is considered quite old and is end of life.
This release has had no security updates since 2012, so it must be upgraded to a newer release to fix this issue.
Although this box is behind a firewall, it's still dangerous to have an outdated box sitting on the net.
So I had to do a full distro upgrade on the box, which follows here:
First I installed the latest packages from the original distro, which was lenny.
After the update I rebooted the box and changed the sources to squeeze:
# nano /etc/apt/sources.list
deb wheezy main contrib non-free
deb-src wheezy main contrib non-free
deb wheezy/updates main contrib non-free
deb-src wheezy/updates main contrib non-free
Then I started the upgrade process like this:
# aptitude update
# aptitude safe-upgrade
# aptitude dist-upgrade
Follow the instructions from aptitude; it will ask what you want to do with conflicting packages.
For example, php.ini has a modified version; then what to do?
Keep the current modified version or use the one provided by the distro?
Sometimes you need to use the distro-provided config file, otherwise the service won't be able to start up.
For example, I kept the mysql-server config and the new version could not start up.
So I replaced it with the new one, modified the config with some of the old settings, and voila, it started up just fine.
So to upgrade from lenny to wheezy you must upgrade first to squeeze, then to wheezy:
lenny -> squeeze -> wheezy
Be patient and prepare a few good coffees for the upgrade, because it will take some time!

High Availability Postfix mail server on GlusterFS

This article covers a highly available mail server on GlusterFS.

– Two CentOS Linux nodes
– GlusterFS shared storage
– NFS share for mail on GlusterFS
– Postfix mail server with SquirrelMail webclient
– Dovecot IMAP/POP server


So let’s get started.

In this article I used two local private nodes for testing.
You should change the IPs according to your real configuration. GlusterFS can sync files/directories across different geo-locations.
But if you want both servers at the same physical location, then use a firewall, for example pfSense or Snort, and use local IPs behind the firewall.

GlusterFS part:

First edit the hosts file and insert all the nodes which will be in the cluster.

cat /etc/hosts
    localhost    localhost.localdomain localhost4 localhost4.localdomain4
::1    localhost    localhost.localdomain localhost6 localhost6.localdomain6
    test2.local    test2
    test3.local    test3

yum install glusterfs glusterfs-fuse glusterfs-server postfix dovecot

service glusterd start

gluster peer probe

gluster peer probe

On every node you should have the other nodes' peer UUIDs.

ls /var/lib/glusterd/peers


cat /var/lib/glusterd/peers/878b63e8-5a3c-4746-984a-a14f4918c4b8


service glusterd status
glusterd (pid  1620) is running...

Start glusterd on the other node too.
Then check the peer status on both nodes:

gluster peer status (node1)
Number of Peers: 1

Hostname: test3.local
Uuid: 878b63e8-5a3c-4746-984a-a14f4918c4b8
State: Peer in Cluster (Connected)

gluster peer status (node2)
Number of Peers: 1

Hostname: test2.local
Uuid: 0d06c152-3966-4938-a1c4-84b624689927
State: Peer in Cluster (Connected)

Now let’s create the glusterfs volume.

Before you run the appropriate command be careful with sysctl! I had some trouble with the net.ipv4.ip_nonlocal_bind setting in sysctl.conf, because I had used the nodes to test heartbeat and corosync, and I could not create the glusterfs volume.
So change this from 1 to 0 in sysctl.conf and run sysctl -p to reload this kernel parameter.

So create the volume:

gluster volume create gv0 replica 2 test2:/export/brick1 test3:/export/brick1

You can check the volume with this command too:

gluster volume info

Volume Name: gv0
Type: Replicate
Volume ID: da3d4c48-d168-4b4f-9590-e8d87cf5aa87
Status: Started
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Brick1: test2.local:/export/brick1
Brick2: test3.local:/export/brick1

Start the volume with this command:

gluster volume start gv0

XFS part:

Next step: install the xfs modules.

modprobe xfs  (CentOS 6.3 already has kmod-xfs installed)

Create an xfs file system on the extra disk that you want to use for the glusterfs volume.

mkfs.xfs -i size=512 /dev/vdb1

NFS part:

Then install the nfs services.

yum install nfs-utils

And mount the glusterfs volume over NFS:

mount -o mountproto=tcp,vers=3 -t nfs test2.local:/gv0 /mnt/

Check the mounts:

/dev/mapper/VolGroup-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/vda1 on /boot type ext4 (rw)
/dev/vdb1 on /export/brick1 type xfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
test2.local:/gv0 on /mnt type nfs (rw,mountproto=tcp,vers=3,addr=

Start services automatically at boot:

chkconfig nfs on

chkconfig glusterd on

Postfix Part:

Create a symbolic link to /var under /mnt:

ln -s /var/ /mnt/

Then in /etc/postfix/ insert an extra /mnt/ in front of every reference that contains /var/, like this:

From this: mail_spool_directory = /var/spool/mail
To this: mail_spool_directory = /mnt/var/spool/mail

And configure Postfix as usual.

Dovecot Part:

Change the default mail location in /etc/dovecot/conf.d/10-mail.conf

From this: mail_location = maildir:~/Maildir
To this: mail_location = mbox:~/mail:INBOX=/var/mail/%u

In this configuration dovecot will keep the mail in the old Unix mbox format, not the newer Dovecot default (Maildir).
And you can reach the mail from both nodes.

Configure the rest of dovecot as usual.

In this setup you should have a shared mail system on the NFS volume, so users should be able to reach their mail all the time whatever happens with the other node. The MX records are configured to deliver mail to the second node if the first is unreachable.
You need to use the same Unix users on both nodes, otherwise the user mailboxes will get mixed up and the whole setup can't work.
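An added example (not from the original post) for the last point: a check that compares the passwd files of the two nodes and reports users missing on one side, users whose uid/gid differ, and uids reused for a different name. The reasoning that the shared NFS volume stores numeric owner ids, so a uid mismatch is what mixes mailboxes up, is my explanation; the two passwd snippets are constructed for test2 and test3.

```python
def parse_passwd(text):
    """Map user name -> (uid, gid, home) from the content of /etc/passwd."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError("malformed passwd line: %r" % line)
        name, _pw, uid, gid, _gecos, home, _shell = fields
        users[name] = (int(uid), int(gid), home)
    return users


def compare_nodes(passwd_a, passwd_b):
    """Return the differences that break a shared mail spool between two nodes:
    users present on only one node, users whose uid or gid differ, and a uid
    that names one user on node A but another on node B (files on the NFS
    volume are owned by the number, so that second user can read the first's mail)."""
    a, b = parse_passwd(passwd_a), parse_passwd(passwd_b)
    findings = {
        "only_on_a": sorted(set(a) - set(b)),
        "only_on_b": sorted(set(b) - set(a)),
        "uid_gid_mismatch": [],
        "uid_collision": [],
    }
    for name in sorted(set(a) & set(b)):
        if a[name][:2] != b[name][:2]:
            findings["uid_gid_mismatch"].append((name, a[name][:2], b[name][:2]))
    name_by_uid_a = {uid: n for n, (uid, _, _) in a.items()}
    for name, (uid, _, _) in b.items():
        other = name_by_uid_a.get(uid)
        if other is not None and other != name:
            findings["uid_collision"].append((uid, other, name))
    return findings


# Constructed /etc/passwd excerpts for the two nodes (assumed sample data).
NODE_A_PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
"""
NODE_B_PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1003:1003::/home/bob:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
"""


def sample_findings():
    """Run the comparison on the constructed sample: bob's uid differs between
    nodes and carol on node B reuses the uid that belongs to bob on node A."""
    return compare_nodes(NODE_A_PASSWD, NODE_B_PASSWD)


if __name__ == "__main__":
    for key, value in sample_findings().items():
        print(key, value)
```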



Dovecot POP3/IMAP server

This article is about how to install and set up a dovecot server.

Start a new terminal, then install the dovecot server:

yum install dovecot

In the /etc directory edit the dovecot.conf file and make the changes below:

#you must add pop3 and pop3s to get these protocols to work
protocols = imap imaps pop3 pop3s

#this part depends on which mail server you are using, e.g. Postfix, Sendmail
mail_location = mbox:~/mail:INBOX=/var/mail/%u

#you must set the mail group as the privileged group, otherwise dovecot won't be able to read the mailbox file
mail_privileged_group = mail

#You need to set the uidl format, otherwise POP3 clients can't keep track of which messages they've already downloaded from the server.
#More hints here:
pop3_uidl_format = %08Xu%08Xv

#this part is needed for Outlook to work. More hints here:
imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

#this is needed to reach the server with plain text authentication. Use basic pop3 authentication only in a secure environment! Otherwise use the secure SSL authentication.
#When you use the basic plain text authentication method, all the data travels unencrypted on your network, so the login details and the password could be captured by anyone.
#Use an encrypted SSL connection to secure the whole exchange. In Outlook tick the "This server requires an encrypted connection (SSL)" box.
#After that Outlook will use SSL and every part of the communication will be secure.
#If you check the login details in the maillog file, you will see TLS at the end of the line.
#I will show examples of this further below
disable_plaintext_auth = no

To get SSL working you need to fill in this part of dovecot.conf:

ssl_cert_file = /etc/pki/tls/certs/dovecot.pem
ssl_key_file = /etc/pki/tls/private/dovecot.key
ssl_disable = no

Save the dovecot.conf and close it. We are set.

Start the service:

service dovecot start

Then test the pop3 server.

tail -F /var/log/maillog

Below is a basic plain text login; port 110 is used:

Jan 22 00:11:04 ldapproxy dovecot: pop3-login: Login: user=<aaa>, method=PLAIN, rip=, lip=
Jan 22 00:11:04 ldapproxy dovecot: POP3(aaa): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jan 22 00:11:05 ldapproxy sendmail[8564]: p0M0B5XT008564: from=<>, size=407,, nrcpts=1, msgid=<201101220011.p0M0B5XT008564@ldapproxy.localdomain>, proto=ESMTP, daemon=MTA, relay=[]
Jan 22 00:11:05 ldapproxy sendmail[8566]: p0M0B5XT008564: to=<>, ctladdr=<> (505/505), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30693, dsn=2.0.0, stat=Sent

and this is how Wireshark captured the login name and the password of the whole process:


Then change the authentication method in Outlook to use SSL (port 995).

The maillog will look like this one:

Jan 22 00:23:38 ldapproxy dovecot: pop3-login: Login: user=<aaa>, method=PLAIN, rip=, lip=, TLS
Jan 22 00:23:38 ldapproxy dovecot: POP3(aaa): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jan 22 00:23:38 ldapproxy sendmail[9010]: p0M0NcNf009010: from=<>, size=407,, nrcpts=1, msgid=<201101220023.p0M0NcNf009010@ldapproxy.localdomain>, proto=ESMTP, daemon=MTA, relay=[]
Jan 22 00:23:38 ldapproxy sendmail[9011]: p0M0NcNf009010: to=<>, ctladdr=<> (505/505), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30693, dsn=2.0.0, stat=Sent

Have you noticed the TLS at the end of the line? The whole communication was encrypted!
Take a look at Wireshark's captured data. The whole process was encrypted.
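As an added example (not from the original post), here is the check I would run over the maillog: it parses dovecot login lines of the form shown above and reports every PLAIN/LOGIN authentication that happened without TLS on the session, counted per user and remote IP. The log lines below are constructed; the IP addresses in them are assumptions.

```python
import re
from collections import Counter

# Dovecot login line as it appears in the maillog excerpts above; the session
# flags (", TLS", ", secured", ...) follow lip= and are optional.
LOGIN_RE = re.compile(
    r"dovecot: (?P<proto>pop3|imap)-login: Login: user=<(?P<user>[^>]*)>, "
    r"method=(?P<method>[\w-]+), rip=(?P<rip>[^,]*), lip=(?P<lip>[^,]*)(?P<rest>.*)$"
)

# Methods that carry the password itself (or a trivially decodable form of it).
PASSWORD_METHODS = {"PLAIN", "LOGIN"}


def parse_login(line):
    """Return a dict for a dovecot login line, or None for any other line."""
    m = LOGIN_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["tls"] = re.search(r"\bTLS\b", rec.pop("rest")) is not None
    return rec


def plaintext_logins(lines):
    """Login records whose password crossed the wire unprotected: a
    password-carrying method without TLS on the session."""
    found = []
    for line in lines:
        rec = parse_login(line)
        if rec and rec["method"].upper() in PASSWORD_METHODS and not rec["tls"]:
            found.append(rec)
    return found


def summarize(lines):
    """Count unprotected logins per (user, remote ip) for a report or alert."""
    return Counter((r["user"], r["rip"]) for r in plaintext_logins(lines))


# Constructed maillog lines in the format of the excerpts above (assumed IPs).
SAMPLE_LOG = [
    "Jan 22 00:11:04 ldapproxy dovecot: pop3-login: Login: user=<aaa>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1",
    "Jan 22 00:11:04 ldapproxy dovecot: POP3(aaa): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0",
    "Jan 22 00:23:38 ldapproxy dovecot: pop3-login: Login: user=<aaa>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS",
    "Jan 22 00:30:01 ldapproxy dovecot: imap-login: Login: user=<bbb>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1",
    "Jan 22 00:31:15 ldapproxy dovecot: imap-login: Login: user=<bbb>, method=CRAM-MD5, rip=198.51.100.7, lip=192.0.2.1",
]


if __name__ == "__main__":
    for (user, rip), n in summarize(SAMPLE_LOG).items():
        print("user=%s rip=%s unprotected logins=%d" % (user, rip, n))
```

Pointing the same functions at `tail -F /var/log/maillog` output gives a running list of clients still configured for port 110/143 without SSL.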


To test your dovecot server locally without any pop3 client, just start telnet:

[root@ldapproxy etc]# telnet 110

Connected to (
Escape character is '^]'.
+OK Dovecot ready.
user aaa
pass 123456
+OK Logged in.
+OK 1 messages:
1 743

retr 1
+OK 599 octets
Return-Path: <root@ldapproxy.localdomain>
Received: from ldapproxy.localdomain (localhost.localdomain [])
by ldapproxy.localdomain (8.13.8/8.13.8) with ESMTP id p0O07gY3032579
for <aaa@ldapproxy.localdomain>; Mon, 24 Jan 2011 00:07:42 GMT
Received: (from root@localhost)
by ldapproxy.localdomain (8.13.8/8.13.8/Submit) id p0O07gRw032578
for aaa; Mon, 24 Jan 2011 00:07:42 GMT
Date: Mon, 24 Jan 2011 00:07:42 GMT
From: root <root@ldapproxy.localdomain>
Message-Id: <201101240007.p0O07gRw032578@ldapproxy.localdomain>
To: aaa@ldapproxy.localdomain
Subject: test


More references and hints here:
And troubleshoot here:

Linux/Windows Troubleshooting part 2

Network troubleshooting part 2:

This article is about some basic DNS troubleshooting.
First we will do it on Linux with the dig command, then we will check out nslookup on Windows too.

dig any @

This command will query the domain at Google's DNS server (the @ part) and ask for all available records (any) on this domain.
I have highlighted every important part of this command. All in all 7 records were found, as you can see in the picture above:



You can change the server easily with the @ part. You can put your own DNS server there if you want to check your updated local DNS server.
Full DNS zone propagation (update) theoretically takes 2 days, but usually a few hours are enough to get it updated nearly everywhere.
If you completely leave out the @server-IP-address, then dig will use the current DNS server address from /etc/resolv.conf.
For example:

dig any

To check only the MX records for the domain, change any to mx like this:

dig mx


The next one is how to check the reverse record:

dig -x

As you can see in the answer section, the command found the reverse record, which is


So let's take a look at this with Windows nslookup:



set type=any



You can see that in the answer part all the nameserver addresses and A records are there, and both MX records are presented too.
To check only MX records, change the type to mx, like this:

set type=mx

You will get only the MX records from the server:



Windows Update troubles:

I was updating a few servers at my workplace remotely in the datacenter and one of them didn't reboot properly.

So the issue was this:

– Server updated with new service packs.
– Reboot was started via RDP (remote desktop).
– RDP is not reachable any more, because that service has already been shut down and the connections have been dropped.
– Server still pingable.
– No other way to reach the server any more (no IPMI/KVM/DRAC).


– Go to the datacenter and restart the server manually. On a Saturday that is not much fun, let's be honest.
– Phone up the datacenter to ask for remote hands... It takes ages to explain everything: server number, rack location, etc.
– Download PsTools from here: and kill the winlogon process which is stuck on the server.

Extract PsTools and first try this command:

psexec \\REMOTE_SERVER_NAME shutdown /r /t 0

This will try to execute the shutdown command on the remote box and restart the server. /r means reboot; the /t switch is the timeout, which is zero.
If this doesn't help for some reason, then you could try the pskill.exe command.

pskill [-t] [\\computer [-u username [-p password]]] <process ID | name>

pskill \\ -u mydomain\Administrator -p mylovelypassword Winlogon

This should work and you won't need to go to the datacenter nor phone them up to ask for a reboot.
You can monitor the server with the ping command and you will see when the server really reboots, because you will lose the ping from it.

This has saved me so many times on my weekends, when I usually do Windows updates (just like right now :) ).
On weekdays you can't really do Windows updates on corporate servers, because they are heavily used, so a reboot is not a good idea at that time.

The next issue will be posted shortly...

Linux/Windows Troubleshooting part 1

Network troubleshooting part 1:

Checking open ports on a box:

netstat -natlp

It will tell you the locally open ports together with the running daemon name.
As you can see in the picture, the first red box is the named daemon (DNS name server) listening on the local port. The second red box is the ssh daemon, which is the remote session terminal. You can see the local and the remote address in this picture.

If you want to check all the listening udp and tcp ports, then you need to add an extra u to the switches, which will show the udp sockets also.

netstat -natlpu



In this picture you can clearly see the Asterisk and named servers listening on ports 5060 and 53.

So if you want to check any running daemon or application on your box, just issue one of those commands and you will see whether they are listening on local ports or not. This is the easiest way to figure it out.
If you stop, for example, the smtp daemon or the imap daemon, then the port(s) will disappear straight away.

Netstat is available by default in every major Linux distro and also in every old and new Windows.
Under Windows you need far fewer switches:

netstat -an -p tcp


netstat -an -p udp


The first command will show you all listening, connected and waiting tcp connections.
If you have very many wait/close connections, then probably someone is attacking your box remotely.
I have seen it on an Exchange Server 2010: it had more than 100 wait/close connections against port 110, because someone tried to break into that server with a brute force attack. The sysadmin hadn't lowered the maximum available connections per IP; it was at the default, which is 2000.


The next command will show you all the listening UDP sockets. If you have a DNS server or an Asterisk SIP server, they will listen on UDP and you will see those ports up and open.


My other favourite command on Linux and Windows is nmap. This application can scan local and remote IP addresses or domain names to show you the open/listening ports. You can also sweep your whole local or remote network to see which IP addresses are in use and which port(s) are listening/open. By default nmap is not installed on any major Linux distro, so you need to install it.


yum install nmap

On Debian/Ubuntu:

apt-get install nmap

On Windows:

A few examples of port scans:

nmap localhost

This will show you all locally listening applications/daemons on your box:


nmap IP_address or domain name

This command will show you all the listening ports on the host that you check (IP or name).


Nmap local network scan to discover up-and-running hosts on your local network:

nmap -sP


Nmap can also scan remote IP addresses. Be careful with this: only do it for testing/troubleshooting purposes, not for fun!
Port scans are usually logged by firewalls/servers and your IP address will be logged, so you can be traced if you did something.

nmap -sP



The next troubleshooting tools are traceroute/tracert:

Linux: traceroute, Windows: tracert.

Let's do a traceroute first on a Linux box:




I used a capital I (-I) to force traceroute to use the icmp protocol for tracing and n (-n) to avoid name resolution.
As you can see in the picture, the hops via the routers show the whole route of how the packets reach my server.
The last address is my server's address at Hetzner. This is the best way to figure out, for example, how the packets are reaching your server.
If you have multiple paths, like two ISP broadband lines, then how do you know which way the packets get into your box?
Also when you are testing firewalls and something is not correct, you can check with this whether the packets are going the appropriate way.
For example, you are connected to a VPN and in the meantime you are testing a firewall, and the remote VPN's default gateway address is being used.
So every packet will travel via the VPN instead of your local network gateway (if the VPN is configured that way) and you get lost with the firewall troubleshooting.

On Windows you can use this tool as well:

tracert -d

The -d switch is compulsory, I would say; otherwise every IP address will be resolved into a name and it takes ages to get the results back.
I guess you don't really want to wait, so always use the -d switch, otherwise the whole tracing process takes too long.



Back to Linux again.

How to check the running processes on a Linux box?
You have the ps tool, which can list every background process in your running system.
So try to run it and check the output; you will see many processes on the screen.

ps ufxa

This command will show you the background process names including the directory they are running from.
It will also show you the user name who runs the process, and the process's memory and cpu usage.


For example, check the mysql daemon. The third red box shows 2.9, which is the percentage of current memory usage by the mysql daemon.


The next command is mtr, which we will take a closer look at.
Mtr stands for my traceroute, which is a real-time traceroute application.
This is not installed by default on any distro; you need to install it from the repository.


yum install mtr


apt-get install mtr

So let's do some mtr tracerouting:


This will trace the whole route to
As you can see there is some packet loss at but not much.
The other hops look clean and fine, no packet loss whatsoever.


The next mtr trace is to Google's public DNS server address:



To be continued...


DNS tools for sysadmins. Coming soon: SPAM database check.

– Nmap firewall check

– Nslookup domain check. (All records shown)

– Traceroute, tracing packets route

– Reverse DNS check

– Ping check

– Whois tool domain checker

– Password generator

– Send test mail via mail server  user: admin password: admin

Scanning is logged...

These tools are for checking; please do not use them for abuse! 🙂

Sendmail server setup

Sendmail mail server setup and configuration step by step.
Let's start and set up our first sendmail server.

The first thing to do is to install the packages that we need.

yum install sendmail sendmail-cf

Then edit the file and make the changes below.

Find the line:

dnl define(`confAUTH_OPTIONS', `A p')dnl

and change it to:

define(`confAUTH_OPTIONS', `A p')dnl

Then change the lines below. This is needed to get Outlook Express and Mozilla to work with plain text authentication.
Use it only in a secure local network; otherwise use a different authentication mechanism, for example SSL.

From this:


To this:


The next step is to change the queue parts for fine tuning, from these:

dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl

To these:

define(`confTO_QUEUEWARN', `4h')dnl
define(`confTO_QUEUERETURN', `5d')dnl
define(`confQUEUE_LA', `12')dnl
define(`confREFUSE_LA', `18')dnl

The next thing is the maximum number of daemon children:

dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl

To this:

define(`confMAX_DAEMON_CHILDREN', `20')dnl

Then the maximum connection number per IP address, from this:

dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl

To this:

define(`confCONNECTION_RATE_THROTTLE', `3')dnl

Next is the local daemon: copy the line and insert your server's IP address:

DAEMON_OPTIONS(`Port=smtp,Addr=, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=, Name=MTA')dnl

If you are using a public IP address, then put that instead of the private one.
If you want IPv6 support, then uncomment this line:

dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl

To this:

DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl

Obviously the Addr part should be filled in properly.

Next find the line:

dnl FEATURE(`relay_based_on_MX')dnl

and change this to:


If your server runs on a DSL or cable connection, then you need to change the smart host part too:

define(`SMART_HOST', `')dnl

Obviously change the part to your provider's. Then your server will be able to communicate via the smtp protocol.
Save the file; this part is done.

The next thing to do is to edit the access file and insert your server's IP address like this:

Connect:            RELAY
Connect:192.168.0                   RELAY

Change the addresses to your server's IP address and your local network address too.
The second line is needed for the client computers on your network to be able to relay through the server.
If you are using a public IP address, then put that IP instead of the private one.
This file lets the sendmail server reject and accept domain(s) and IP addresses.

When this is done you need to hash the access file with this command:

makemap hash /etc/mail/access.db < /etc/mail/access
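An added example (not from the original post) that makes the access-file rules checkable before you hash them: it parses entries like the two above, resolves a connecting IP the way sendmail does (full address first, then with trailing octets dropped one at a time, so `Connect:192.168.0` covers the whole /24), and flags RELAY entries keyed on fewer octets than intended, which would make the box an open relay for a much larger range. The access file content below is constructed and the addresses are assumptions.

```python
def parse_access(text):
    """Parse /etc/mail/access lines into (tag, key, action) tuples.
    Tagged keys look like 'Connect:192.168.0'; an untagged legacy key gets tag ''."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()     # drop comments and blanks
        if not line:
            continue
        key, action = line.split(None, 1)        # whitespace separates key from action
        tag, _, value = key.partition(":")
        if not value:                            # no tag present
            tag, value = "", tag
        rules.append((tag, value, action.strip().upper()))
    return rules


def lookup_connect(rules, ip):
    """Resolve the action for a connecting IPv4 address. Sendmail tries the full
    address, then strips trailing octets (a.b.c.d -> a.b.c -> a.b -> a); the most
    specific entry wins. Untagged entries apply to connections as well."""
    octets = ip.split(".")
    for n in range(len(octets), 0, -1):
        candidate = ".".join(octets[:n])
        for tag, value, action in rules:
            if tag in ("Connect", "") and value == candidate:
                return action
    return None


def broad_relay_entries(rules, min_octets=3):
    """Return RELAY entries whose numeric key has fewer than min_octets octets.
    'Connect:192 RELAY' relays for every host in 192.0.0.0/8, which is almost
    never what a single private LAN entry was meant to allow."""
    return [(tag, value) for tag, value, action in rules
            if action == "RELAY"
            and value.replace(".", "").isdigit()
            and value.count(".") + 1 < min_octets]


# Constructed access file in the shape of the two lines above (assumed addresses);
# the 'Connect:172' line is a deliberately over-broad entry for the checker to catch.
SAMPLE_ACCESS = """# server itself and the office LAN
Connect:10.0.0.5            RELAY
Connect:192.168.0           RELAY
Connect:203.0.113.9         REJECT
Connect:172                 RELAY
From:spammer.example        REJECT
"""


def audit(text=SAMPLE_ACCESS):
    """Parse the file and return the over-broad RELAY entries found in it."""
    return broad_relay_entries(parse_access(text))


if __name__ == "__main__":
    rules = parse_access(SAMPLE_ACCESS)
    for ip in ("192.168.0.77", "192.168.1.5", "203.0.113.9", "172.16.5.5"):
        print(ip, "->", lookup_connect(rules, ip))
    print("over-broad RELAY entries:", audit())
```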

The next thing to do is to enter the domain name(s) that you have into the local-host-names file like this:

vi /etc/mail/local-host-names

Then save the file and close it.
Create a test user for this email account:

useradd -s /sbin/nologin test1

Change the password for the test1 user:

passwd test1

Then edit the aliases file under the /etc directory and put this line into it:

test1:         test1

Save and close it, then issue the newaliases command:

newaliases
/etc/aliases: 78 aliases, longest 10 bytes, 781 bytes total

After this you have an email address.
If you want more addresses for this account, just edit the /etc/aliases file and save it.
Then issue the newaliases command to accept the new lines from the aliases file.

We are finished with the sendmail part. Let's compile the sendmail configuration and start it.

make clean
make all
make restart

You can start any service in CentOS Linux with these commands:

service sendmail start


/etc/init.d/sendmail start

Check the sendmail service with the chkconfig command, because it should be switched on, otherwise the service won't start at the next reboot:

chkconfig sendmail on

Be careful with postfix, exim and any other mail servers. Only one mail server can run on the smtp port 25. So check that those services are switched off with these commands:

chkconfig postfix off
chkconfig exim off

And check that the smtp port is enabled in the firewall. You can check this with the iptables command:

iptables -L

If it says "ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp" that is fine.

The last thing to do is to change the server name to the appropriate one.
Go to /etc/sysconfig and edit the network file.

vi /etc/sysconfig/network

Change this:



That's it, we are done. After this you should restart the server, otherwise the server name won't change.
Before that, save every open file!!!
You can restart the server with this command:

shutdown -r now (-r means restart the box. If you put -h the server won't restart; it will stay in the halt state)

After you have rebooted the server, test the sendmail server with this command:

telnet localhost 25

Connected to localhost.localdomain (
Escape character is '^]'.
220 ESMTP Sendmail 8.13.8/8.13.8; Sun, 16 Jan 2011 19:14:03 GMT
helo me
250 Hello localhost.localdomain [], pleased to meet you
250 2.1.0… Sender ok
rcpt to:test1
250 2.1.5 test1… Recipient ok
354 Enter mail, end with “.” on a line by itself
250 2.0.0 p0GJE39C006422 Message accepted for delivery

To check the open ports on your box use the nmap command.

nmap localhost
nmap myexternalipaddress

Hints for DSL/broadband connections:

If your server is behind a firewall, don't forget to forward port 25 (smtp) to your box.
On a few DSL lines you might have a problem with the MTU size. If mail gets stuck in the Linux box, then change the MTU size to 1420 in your router.
The DSL line is not a real Ethernet network. It is a PPPoE line, so the MTU size is smaller than on real Ethernet and it can cause trouble for sendmail.
So if you are having this kind of problem (mail can't go out from the box), try to change this in the router and in the Linux box too.
In the Linux box the MTU size is set in /etc/sysconfig/networking/devices/ifcfg-eth0

You can download all the configuration files from here:




The next blog post will be about the Dovecot POP3/IMAP server.
